Schrodinger's Cat Video and the Death of Clear Text

Salient point:<p><pre><code> The target is presented with a dialogue to upgrade their flash installation [via ISP-based MITM - DenisM]. If this upgrade is accepted the malicious SWF enables the installation of a ‘scout agent’ which provides target validation.</code></pre>

A related article is <a href="https://firstlook.org/theintercept/2014/08/15/cat-video-hack/" rel="nofollow">https:&#x2F;&#x2F;firstlook.org&#x2F;theintercept&#x2F;2014&#x2F;08&#x2F;15&#x2F;cat-video-hack...</a>, via <a href="https://news.ycombinator.com/item?id=8184061" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=8184061</a>.

Adopting HTTPS is very important for the Web, but the lack of HTTPS in this case is just a red herring. The real problem is that it&#x27;s way too easy to exploit systems through the web browser. If the entire Web switched to HTTPS, government attackers would just find another way to deliver their exploits besides injection into plain text websites. Working on solving this problem is just as essential as transitioning to HTTPS.

With tools like these out there, what can we do to protect ourselves? Besides not downloading binaries over HTTP (which still wouldn&#x27;t protect you if a CA has been compromised) what other steps can someone take? I hate how vulnerable and yet utterly essential our browsers have become.

Maybe a stretch, but is this somehow connected:- <a href="https://news.ycombinator.com/item?id=8160844" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=8160844</a> ?<p>I oddly remembered this comment from my memory trove.

The internet 1.0 was designed so grad students could argue about Star Trek while pretending to publish research